package com.util;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import com.cfs.dao.sys.UserDao;
import com.cfs.po.sys.*;

/**
 * 访问者合法性校验
 * 辅助转换访问方式（PUT:POST_method=PUT; DELETE: GET_method=DELETE）
 * 
 * Servlet Filter implementation class AccessControlFilter
 */
public class AccessControlFilter implements Filter {

//	private static String NOT_LOGIN = "{\"CODE\":\"200\", \"ERROR\":\"NOT LOGIN\"}";
//	private static String NOT_LOGIN = "NOT_LOGIN";
//	private static String NOT_PERMISION = "NOT_PERMISION";
	private static String NOT_LOGIN = "{\"Res\":{\"code\":-2,\"msg\":\"用户未登录!\"}}";
	private static String NOT_PERMISION = "{\"Res\":{\"code\":-2,\"msg\":\"用户未授权!!\"}}";
	private static Logger log = Logger.getLogger(AccessControlFilter.class);
	
	private UserDao dao;
	
    public UserDao getDao() {
		return dao;
	}

	public void setDao(UserDao dao) {
		this.dao = dao;
	}

	/**
     * Default constructor. 
     */
    public AccessControlFilter() {
        // TODO Auto-generated constructor stub
    }

	/**
	 * @see Filter#destroy()
	 */
	public void destroy() {
		// TODO Auto-generated method stub
	}

	/**
	 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
	 */
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

		HttpServletRequest req = (HttpServletRequest)request;

//		System.out.println("User-Agent: " + req.getHeader("User-Agent"));

		// Android 客户端识别
		if( null!=req.getHeader("SLT-ANDROID") ){
			chain.doFilter(request, response);
			return;
		}

		String pathInfo = req.getPathInfo();
		if( pathInfo.startsWith("/Logins/") || "/Logins/".equals(pathInfo) || "/Logins".equals(pathInfo) ){
			chain.doFilter(request, response);
			return;
		}

		HttpSession session = req.getSession();
		User me = (User)session.getAttribute(CONST.SESSION_USER);
//		System.out.println("Session: " + (me==null ? "IS NULL" : me.getName() ) );
		if(me==null){
			response.setCharacterEncoding("UTF-8");
			response.setContentType("application/json");
			response.getWriter().print(NOT_LOGIN);
			return;
		}

		if(!checkRights(me, pathInfo)){
			response.setCharacterEncoding("UTF-8");
			response.setContentType("application/json");
			response.getWriter().print(NOT_PERMISION);
			return;
		}

		chain.doFilter(request, response);
	}

	/**
	 * @see Filter#init(FilterConfig)
	 */
	public void init(FilterConfig fConfig) throws ServletException {
	}
	
	private boolean checkRights(User u, String pathInfo){
		return true;
/*
		Role r = u.getCurrRole();//RoleDao.get(ro[0]);
		
		log.info("path===>" + pathInfo);
		
		if(r!=null)
		for(String uri : r.getRights()){
			if(pathInfo.startsWith(uri)){
				return true;
			}
		}

		return false;
		*/
	}

}
